|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58578 open_basedir return error
Submitted: 2009-03-09 05:09 UTC Modified: 2009-03-09 06:37 UTC
From: r at pro-9 dot com Assigned: pajoye (profile)
Status: Not a bug Package: htscanner (PECL)
PHP Version: 5.2.5 OS: gentoo linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: r at pro-9 dot com
New email:
PHP Version: OS:


 [2009-03-09 05:09 UTC] r at pro-9 dot com
php_value open_basedir return error:
php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: /www:/tmp
(12, 10) failed! 
in Unknown on line 0
but other parameters, e.g php_value session.save_path is fine.

Reproduce code:
htscanner.ini file:
stop_on_error = 0

safe_mode in php.ini is Off
open_basedir in php.ini is undefined (phpinfo say: no value)

.htaccess file:
php_value session.save_path /var/tmp
php_value open_basedir /www:/tmp

Expected result:
session.save_path /var/tmp
open_basedir /www:/tmp

Actual result:
session.save_path /var/tmp
open_basedir no value


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-09 05:54 UTC] pierre dot php at gmail dot com
Can you try using:

php_value open_basedir "/www:/tmp"
 [2009-03-09 06:23 UTC] r at pro-9 dot com
I try with quotes, result is similar. Error message there:
Mar  9 13:08:20 vh7 php-cgi: PHP Warning:  Adding option (Name: open_basedir Value: "/www:/tmp"
Mar  9 13:08:20 vh7 ) (12, 12) failed!
Mar  9 13:08:20 vh7 in Unknown on line 0

The second digit is different in error message: 12, without quotes it is 10
 [2009-03-09 06:37 UTC] pierre dot php at gmail dot com
Thank you for taking the time to write to us, but this is not
a bug.

Well, it is Monday morning :)

open_basedir cannot (and should not) be overwritten using a per directory configuration option (from the www root). If not, it will defeat its whole purpose. Imagine someone simply changing it to \ and then do fopen("/etc/passwd");

Future versions of htscanner will allow the admins to set options per directory at the system level, which will be set during PHP's init phases. Something like what we have in 5.3:

Sorry to do not have replied that in the first place.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Jun 24 07:01:25 2021 UTC